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REMARKS 

Claims 4, 10, 13 and 17 have been amended. Claims 1-3, 
5-9, 11-12, 14-16 and 18-25 stand as originally filed. 

Claims 1-25 were considered in the Office Action. Claims 
5 4 and 13 stand rejected under 35 U.S.C. 112, second paragraph, 
as being indefinite for reciting an 802. lx login packet but 
failing to specify a type of message according to the IEEE 
802. lx protocol in which login packets are sent. Claims 4 and 
13 have been amended to recite a generic login packet. 
10 Applicant believes that these claims, as amended, are clear 
and definite and satisfy the requirements of 35 U.S.C. 112, 
second paragraph. 

Claims 1-25 stand rejected under 35 U.S.C. 102(e) as 
being anticipated by Droms et al . , U.S. Patent 7,143,435. 
15 Applicant believes that the currently pending claims are 

not anticipated by or obvious over the cited references for at 
least the reasons set forth below and respectfully requests 
reconsideration . 

The Invention of Claim 1 
20 The cited references do not disclose or suggest: 

"A method of developing an access control list, 

comprising : 

developing an enhanced access control list including data 
related to at least one of user names, DNS names, Windows 
2 5 domain names, and physical addresses; 

converting at least one of, 

user names into corresponding IP and physical 
addresses according to data in the enhanced access control 
list; 
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DNS names into corresponding IP addresses according 
to data in the enhanced access control list; and 

physical addresses into IP addresses according to 
data in the enhanced access control list; and 
5 developing the access control list from each of the 

operations of converting." 

(Claim 1, emphasis added) 


At least the above highlighted features are not 
anticipated or suggested by the cited references and would not 

10 have been obvious to a person with ordinary skill in the art 
having the cited references. Droms is not directed to a 
method of developing an access control list. Droms discloses 
a gateway with a standard access control list and a DHCPv6 
server that stores information about auto-configured IPv6 

15 addresses. (See, e.g., col. 8, line 44 - col. 9, line 27) For 

example : 


"According to the illustrated embodiment, the DHCPv6 
server 113 registers auto-configured IPv6 addresses in 

response to DHCP information request (INFORM) messages. 

20 The DHCPv6 server 113 performs the registration by 

storing a data structure herein called a map 114. Map 114 
associates an IPv6 address supplied in the INFORM message 
by the host with authentication or authorization 
information, or both, supplied in the INFORM message by a 

25 DHCPvG relay agent in an intermediate device connected to 

the host. Conventional DHCP does not require or suggest 
that the DHCPv6 server 113 obtain authentication or 
authorization information from a DHCP relay agent. 
Conventional DHCP does not require or suggest that the 

30 DHCPv6 server 113 store or use the map 114. 

In addition, in some embodiments, the DHCPv6 server 113 
also stores one or more data structures that associate 
other configuration information with authentication or 
authorization information, or both." 
35 (Droms col. 8, lines 49-66, emphasis added) 
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"The gateway maintains an access control list 14 6 of IP 
addresses in one or more data structures. Only a client 
operating on a host having an IP address included in the 
access control list 14 6 is allowed by the gateway 145 to 
5 exchange data packets over the Internet 150. If a request 

to access the Internet comes from a host with an address 
unknown to the gateway 145 , the gateway 145 may request 
user identification information associated with that 
address from the DHCP server host 112 based on 

10 information in the map 114. The gateway 145 also may 

obtain authorization information such as an access 
control list from the AAA server 132. The gateway 145 is 
one example of a network server in which the service 
provided depends on registering an auto-configured 

15 logical network address." 

(Droms col. 9, lines 14-27) 

Droms ' gateway 145, which contains an access control list 
146, relies on the registration of auto-registered IPv6 
addresses in the DHCPv6 server 113 when a request is received 

20 by the gateway 145 from a host with an address not on the list 
of IP addresses in the access control list 146. Thus, Droms 
includes a traditional access control list containing IP 
addresses, but does not disclose an enhanced control list. 
There is no suggestion in Droms that an enhanced access 

25 control list is generated containing more information than a 

list of IP addresses. Rather, Droms discloses a standard 
access control list in a gateway and a data structure 
containing additional information in a separate DHCPv6 server. 
If Droms disclosed an enhanced control list, there would be no 

30 need for the gateway 145 to query the DHCPv6 server when an 

unknown IP address is detected. It is noted that DHCP servers 
typically do not control network access and do not contain 
access control lists, they merely assign network parameters 
such as IP addresses to other devices on the network. They 

35 are typically not used for security. Similarly, the data 

structure or map contained in Droms' DHCPv6 server is not an 
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access control list or an enhanced control list. It does not 
contain a list of all devices authorized to access a network, 
and is not used to control access. Furthermore, Droms does 
not disclose what information about auto-registered IPv6 
5 addresses is registered by the DHCPvG server, specifying only 

''authentication or authorization information". (See, e.g., 
col. 8, line 55) Droms therefore does not disclose converting 
user names and physical addresses into IP addresses, 
particularly according to data in an enhanced access control 
10 list. 

Applicant therefore believes that claim 1 is allowable 
over the cited references at least because Droms does not 
disclose an enhanced access control list, and converting 
information from the enhanced access control list to develop 

15 an access control list. Applicant respectfully requests 

reconsideration . 

Dependent claims 2-8 depend ultimately upon independent 
claim 1 which is allowable over the cited art as discussed 
above. These dependent claims are likewise in condition for 

20 allowance at least because they depend on an allowable 
independent claim. However, dependent claims 2-8 are 
independently allowable at least in that they recite 
particular features which, when combined with the elements of 
the independent claim, are also not disclosed or suggested in 

25 the cited references. 


The Invention of Claim 9 
The cited references do not disclose or suggest: 

"A method of controlling access of a user to a network 
including a plurality of hosts coupled together through a 
30 network switch, the method comprising: 
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storing in the network switch an enhanced access control 
list containing data related to at least one of user names, 
DNS names, Windows domain names, and physical addresses; and 

generating a dynamic access control list from the 
5 enhanced access control list, the dynamic access control list 
containing a plurality of IP addresses that restrict access of 
the user to the network." 

(Claim 9, emphasis added) 

Applicant repeats the arguments for allowability set 

10 forth above with respect to claim 1, but specifically directed 
to the method set forth in claim 9. Droms does not disclose 
or suggest storing an enhanced access control list in a 
network switch. Droms' gateway contains a conventional access 
control list as discussed above, which relies on queries to a 

15 DHCPvG server to handle queries from hosts with IP addresses 

not in the access control list. Droms' switch 102 does 
contain an authent icator 105 that stores "authentication and 
authorization data". The content of this information is 
unspecified except to indicate that it includes a user class. 

20 (See, e.g., col. 14, lines 43 and 67). The switch 102 does 

not contain an enhanced access control list from which a 
dynamic access control list is generated. Rather, the 
authent icator and a DHCP relay process in Droms' switch 102 
communicate with an external authentication server (AAA 

25 server) in order to configure a DHCP server external to the 

switch 102. (See claim 29) 

Dependent claims 10-17 depend upon independent claim 9 
which is allowable over the cited art as discussed above. 
These dependent claims are likewise in condition for allowance 

30 at least because they depend on an allowable independent 

claim. However, dependent claims 10-17 are independently 
allowable at least in that they recite particular features 
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which, when combined with the elements of the independent 
claim, are also not disclosed or suggested in the cited 
references . 

The Invention of Claim 18 
5 The cited references do not disclose or suggest: 

"A network switching circuit, comprising: 

a forwarding circuit operable to detect specific received 
packets and to provide the specific packets on a processor 
port, and further operable to receive packets on one of a 

10 plurality of ports including the processor port and to forward 

each received packet to a port corresponding to a destination 
address contained in the packet subject to access restrictions 
contained in a dynamic access control list; 

a memory circuit coupled to the forwarding circuit, the 

15 memory circuit operable to store packets and operable to store 
an enhanced access control list and a dynamic access control 
list; and 

a processor coupled to the forwarding circuit and to the 
memory circuit, the processor operable to define the specific 

20 packets detected by the forwarding circuit and operable to 
process the specific packets stored in the memory circuit 
using the enhanced access control list to generate the dynamic 
access control list and store the dynamic access control list 
in the memory circuit, and further operable to provide the 

25 specific packets to the processor port of the forwarding 

circuit after processing the packets." 
(Claim 18, emphasis added) 

Applicant repeats the arguments for allowability set 
forth above with respect to claim 1, but specifically directed 
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to the network switching circuit set forth in claim 18. Droms 
does not disclose or suggest a network switching circuit that 
forwards packets based on access restrictions in a dynamic 
access control list. Droms also does not disclose or suggest 
5 a memory circuit in a network switching circuit that stores an 

enhanced access control list and a dynamic access control 
list. Droms also does not disclose or suggest a processor in 
a network switching circuit that processes packets using an 
enhanced access control list in the switching circuit to 

10 generate a dynamic access control list. 

Dependent claims 19-21 depend upon independent claim 18 
which is allowable over the cited art as discussed above. 
These dependent claims are likewise in condition for allowance 
at least because they depend on an allowable independent 

15 claim. However, dependent claims 19-21 are independently 

allowable at least in that they recite particular features 
which, when combined with the elements of the independent 
claim, are also not disclosed or suggested in the cited 
references . 

2 0 The Invention of Claim 22 

The cited references do not disclose or suggest: 

"A computer network, comprising: 
a network switch, including, 

a forwarding circuit operable to detect specific 
25 received packets and to provide the specific packets on a 

processor port, and further operable to receive packets 
on one of a plurality of ports including the processor 
port and to forward each received packet to a port 
corresponding to a destination address contained in the 

3 0 packet subject to access restrictions contained in a 
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dynamic access control list; 

a memory circuit coupled to the forwarding circuit, 
the memory circuit operable to store packets and operable 
to store an enhanced access control list and a dynamic 
5 access control list; and 

a processor coupled to the forwarding circuit and to 
the memory circuit, the processor operable to define the 
specific packets detected by the forwarding circuit and 
operable to process the specific packets stored in the 

10 memory circuit using the enhanced access control list to 

generate the dynamic access control list and store the 
dynamic access control list in the memory circuit, and 
further operable to provide the specific packets to the 
processor port of the forwarding circuit after processing 

15 the packets; and 

a plurality of hosts, each host coupled to a respective 
port of the network switch." 

(Claim 22, emphasis added) 

Applicant repeats the arguments for allowability set 
20 forth above with respect to claim 1, but specifically directed 

to the computer network set forth in claim 22. Droms does not 
disclose or suggest a network switch that forwards packets 
based on access restrictions in a dynamic access control list. 
Droms also does not disclose or suggest a memory circuit in a 
25 network switch that stores an enhanced access control list and 
a dynamic access control list. Droms also does not disclose 
or suggest a processor in a network switch that processes 
packets using an enhanced access control list in the switching 
circuit to generate a dynamic access control list. 
30 Dependent claims 23-25 depend upon independent claim 22 

which is allowable over the cited art as discussed above. 
These dependent claims are likewise in condition for allowance 
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at least because they depend on an allowable independent 
claim. However, dependent claims 23-25 are independently 
allowable at least in that they recite particular features 
which, when combined with the elements of the independent 
claim, are also not disclosed or suggested in the cited 
references . 

In view of the above, all of the claims are believed to 
be in condition for allowance, and the Applicants respectfully 
request that a timely Notice of Allowance be issued. 


10 Respectfully submitted, 

KLAAS, LAW, 0 1 MEARA & MALKIN, P.C, 

By : /Guv K. dinger/ 

Guy K. Clinger, Esq. 
Registration No. 42,422 
15 1999 Broadway, Suite 2225 


Denver, CO 80202 
(303) 298-9888 
Fax: (303) 297-2266 
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